If wildcards are specified in object names then it is possible that more than one of the rules in a rule container may apply to an object name. However, the check is always performed in the sequence in which the rules are entered in the rule container and terminates when the first match is located.

The diagram below presents the active rule container (pubset-global):

USER1 creates the file $USER1.BOOK. When a search is performed for matching default values, the string BOO* from the first rule is checked against the file name part BOOK. The name matches. Next, the user ID in the path name of the file BOOK ($USER1) is checked against the specified user ID in the DEFPUID guard. This matches and the default value USER-ACCESS=*OWNER-ONLY is used. The second rule is not taken into account as part of the search.